Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Qghijk Mnopqrst Vwx] 'ImagePath' = '<SYSTEM32>\svchost.exe -k imgsvc'
- [<HKLM>\SYSTEM\ControlSet001\Services\Qghijk Mnopqrst Vwx] 'Start' = '00000002'
- '<SYSTEM32>\svchost.exe' -k imgsvc
- %ProgramFiles%\Kghd\Gshijklmn.jpg
- C:\system32.txt
- C:\system32.txt
- 'te###.3322.org':2012
- DNS ASK te###.3322.org